Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Virus' getting through
  FAQ FAQ  Forum Search   Register Register  Login Login

Virus' getting through

 Post Reply Post Reply
Author
lyndonje View Drop Down
Senior Member
Senior Member
Avatar

Joined: 31 January 2006
Location: United Kingdom
Status: Offline
Points: 192
Post Options Post Options   Thanks (0) Thanks(0)   Quote lyndonje Quote  Post ReplyReply Direct Link To This Post Topic: Virus' getting through
    Posted: 06 August 2010 at 11:01am
Hi Roberto,

A client has received an email with an attachments which contains a virus. They have then forward this email onto myself which again was not stopped.

I uploaded the file to http://www.virustotal.com, which has scanned the file with 38 different engines, which is reported by the Norman engine as:

Antivirus Version Last Update Result
Norman 6.05.11 2010.08.06 Suspicious_Gen2.BSZAK

I've checked the SF logs and I see the line where it says scanning for viruses, it then queues for delivery. In the SF GUI, it reports that the AV files are found with the following definitions:

NvcBin.def 15/07/2010 09:45:44
NvcMacro.def 15/07/2010 09:13:54
Nvclncr.def 06/08/2010 01:17:50
Nse_w32.dll 24/06/2010 11:41:26
NCL.dll 24/06/2010 11:27:06

Any ideas? Anything you want from me?

Thanks,
Lyndon
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 06 August 2010 at 10:07pm
Lyndon,

Can you please forward us the email to support at logsat.com, so we can take a look? In case it gets stopped, can you please also zip in a password-protected zip file the virus and send it to us in a separate email?
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
lyndonje View Drop Down
Senior Member
Senior Member
Avatar

Joined: 31 January 2006
Location: United Kingdom
Status: Offline
Points: 192
Post Options Post Options   Thanks (0) Thanks(0)   Quote lyndonje Quote  Post ReplyReply Direct Link To This Post Posted: 07 August 2010 at 8:45am
Hi Roberto,

Sent the two emails, the non passworded zip was blocked by your server.

Regards,
Lyndon


Edited by lyndonje - 07 August 2010 at 8:46am
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 07 August 2010 at 12:10pm
Lyndon, just in case my emails to you get blocked (the one with the virus was), I replied to you via email a few minutes ago.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
lyndonje View Drop Down
Senior Member
Senior Member
Avatar

Joined: 31 January 2006
Location: United Kingdom
Status: Offline
Points: 192
Post Options Post Options   Thanks (0) Thanks(0)   Quote lyndonje Quote  Post ReplyReply Direct Link To This Post Posted: 07 August 2010 at 12:40pm
How strange, the only thing that has changed is one of the norman definition files?
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.047 seconds.